This incident is part of a much larger pattern of high-profile social media compromises that are specifically targeting crypto platforms. This includes unsuccessful attempts to promote fake tokens like HACKED. Additionally, the Ethena website also recently experienced a front-end exploit. In response to these threats, the SEC has launched its first enforcement actions against "pig butchering" scams. The agency is specifically targeting fraudulent trading platforms NanoBit and CoinW6 for defrauding investors.
Decentraland Users Targeted by Phishing Scam
Blockchain security firm PeckShield recently shared that Decentraland's official X account was compromised, and the attackers are circulating a phishing link disguised as a MANA token airdrop. The malicious link directed users to a fraudulent website, urging them to connect their wallets to claim the tokens, only to have their funds stolen afterward.
PeckShield advised users to rather avoid interacting with the compromised account and not to click on the phishing link or engage with any related content. The firm also recommended that people should wait for an official update from Decentraland that confirms that the account has been restored.
The scam first appeared at 01:50 am UTC on Sept. 19, when a post announcing the fake MANA airdrop was pinned to Decentraland's X account. The attackers made the scam seem even more legit by claiming that comments were turned off due to malicious links.
Before the takeover, Decentraland’s last legitimate post was published on Sept. 18 at 10:00 pm UTC. The post was about some community fashion trends on the platform.
This incident is one of many social media breaches targeting crypto-related accounts. In an interview on Sept. 12, Kitboga, a well-known scam baiter, shared some advice on how to avoid these scams. According to Kitboga, scammers typically create a false sense of urgency. Users are urged to stay calm and properly think through their actions before responding to any suspicious situations.
Decentraland is a virtual world platform that is built on Ethereum. It incentivizes its global network of users to participate in and operate within a shared digital space. In Decentraland, users can buy and sell digital real estate, as well as explore, interact, and play games. The platform has expanded over time to include interactive apps, in-world payments, and peer-to-peer communication.
Two types of tokens govern its operations. LAND is a non-fungible token (NFT) that represents ownership of digital land parcels. MANA is a cryptocurrency used to buy LAND and other virtual goods and services on the platform.
More High-Profile X Accounts Hacked
On Sept. 18, a group of crypto scammers hacked several high-profile social media accounts, including Lenovo India, Yahoo News UK, MoneyControl, Oliver Stone, People, and Krystal DeFi, to promote a Solana meme coin called HACKED. Unlike typical account hacks, the scammers openly admitted to the breach and encouraged users to participate in pumping the token for profits.
Despite their brazen transparency, the attempt was unsuccessful as the scammers reportedly made only $8,000. According to blockchain investigator ZachXBT, top traders made less than $1,000, HACKED’s market cap reached just $67,000 before plummeting. The token briefly spiked by 900% but has since collapsed.
ZachXBT speculated that the hacked accounts might have granted permissions to the same site or app, and he urged users to revoke unnecessary app permissions for security.
This was not the first instance of X accounts being hacked to promote scam tokens. In May, a similar attack targeted crypto influencers and celebrities. Over the past year, well known crypto entities like MicroStrategy, Algorand, Rocket Pool, Compound Finance, Ava Labs, and even Ethereum co-founder Vitalik Buterin have all had their accounts compromised. Low-fee, high-throughput blockchains like Solana and Base have also increasingly become a target for scam tokens and meme coins in 2023 and 2024.
Ethena Website Compromised
On Sept. 18, the Ethena website was also compromised in a front-end exploit. This prompted Ethena Labs to advise users not to interact with any site or app claiming to be Ethena.
The company revealed that its domain registrar account was compromised, which led to the deactivation of the website until the issue is resolved. Ethena Labs still reassured its users that the protocol itself remained secure and that customer funds were not affected.
Security firm Blockaid also issued a warning to users connected to the site at the time of the exploit, and advised them to disconnect their wallets and avoid signing any transactions. Additionally, MetaMask alerted users to fake sites attempting to exploit the situation to steal seed phrases and passwords, and flagged the Ethena website as deceptive.
This incident is part of the surge in crypto-related hacks in 2024. Losses due to these hack already surpassed $1.2 billion by the end of August, which was a 15.5% increase from the same period in 2023, according to a report from Immunefi.
Crypto losses as of August 2024 (Source: Immunefi)
Earlier in September, the Penpie protocol suffered a $27 million exploit, while Delta Prime was hit with a $6 million hack that resulted from a private key exploit. The Delta Prime hacker converted the stolen funds to Ether, and on-chain analyst ZackXBT speculated that the hack could be linked to North Korean attackers.
SEC Targets Crypto "Pig Butchering" Scams
Luckily the US Securities and Exchange Commission (SEC) is taking steps to eradicate scams in the crypto secutor. In fact, the SEC has filed its first enforcement actions against crypto "pig butchering" scams.
Specifically, the regulator is taking legal action against two alleged fake crypto asset trading platforms, NanoBit and CoinW6. The SEC accused five entities and three people connected to the platforms of defrauding investors out of almost $3.2 million by building trust through social media interactions and pursuing relationships with them.
According to the SEC, the scammers behind CoinW6 posed as young professionals on LinkedIn and Instagram, and eventually engaged in romantic conversations with investors via WhatsApp. They allegedly also convinced investors to open accounts on the platform, and promised high returns from staking, mining, and yield farming products that were entirely fictitious. When investors then tried to withdraw funds, they were met with demands for even more money or blackmail threats involving their private WhatsApp messages.
The SEC also sued NanoBit, and claimed that the platform defrauded at least 18 investors out of close to $968,000. The scammers posed as financial professionals in WhatsApp groups and falsely claimed that NanoBitUS Securities was an SEC-registered broker to build trust. NanoBit allegedly promoted fake initial coin offerings and wired investor funds to Hong Kong accounts. Investors were told they could not withdraw their funds because of fabricated fees like "Ghana miners fees."
Both CoinW6 and NanoBit were charged with violating securities law antifraud provisions. The SEC is seeking permanent injunctions, penalties, and disgorgement against the accused.
